Hack in Paris 2014. European Adventures of Hackers at Disneyland

    I read Dor1s's article on DEF CON CTF 22 and wanted to talk about my summer adventures at Hack in Paris. I think Habr readers will find a report on this event interesting, especially since some of us even spoke at it. I ended up at HIP2014 quite by accident. Returning through Paris from a business trip, I had a strange gap before the holidays. I started googling for serious events happening nearby and unexpectedly stumbled upon this conference. I saw people like Winn Schwartau on the list of participants and decided to rush to this European DEFCON. Tickets were quite expensive, but not fatally so: approximately 700 €.

    Of course, I expected Disneyland to be very close, but in fact, from the Hotel New York, where the event took place, it was only 4 minutes walk to the entrance of this vacuum cleaner for the pockets of parents from around the world.

    It is funny to eat rare steaks with serious specialists and watch, right opposite, yet another obnoxious girl finish off her surrendered mother so that she buys a Mickey Mouse bigger than her (the mother).

    Key messages from the talks ...

    1. The level of protection of networks and controllers in the manufacturing sector (ICS / SCADA) is zero. That is, systems at major enterprises are protected in such a way that they would not be a challenge even for 12-year-old children with a normally working head.
    2. Soon, even irons and coffee makers will have broadband Internet access. That is when the real chaos will begin, and ordinary users will have much more trouble. “Your refrigerator is locked. If you want a morning pickle, send an SMS to a short number.”
    3. Want a safer connection? Dig out your grandmother's Nokia from the dawn of the 90s.
    4. In China, you can buy anything on the black market. Drawings and technologies of any equipment produced on the planet.
    5. Cryptography evolves, and encryption is replaced by robust algorithms of a new type.

    All of this is expanded on in detail below.

    The event itself consisted of 3 parts: a week of training seminars, two days of talks and a day of competition. The day and night of the competition are called Nuit du Hack. The rest is Hack in Paris.

    Everything looked pretty solid. There were directors from huge companies such as Baidu.

    There was a sea of cult figures with whom it was easy to chat and drink beer. There were interesting workshops with demo stands that taught how to hack everything from Android phones to drones and factories.

    The most vivid talks, to my taste

    1. This is where the fun begins. A talk by the esteemed Alvaro Alejandro Soto (Alvaro Alexander Soto), in which he covers the most advanced data recovery technologies, the largest hardware vulnerability of our days, and the construction of his own forensic examination laboratory. Frequency analysis? Sure, and how about a Faraday cage and clearing microbombs from the server?

    I think that for security professionals there will only be a couple of new points, but for CEOs and CTOs the presentation will be enlightening. They will immediately want to invest a bit more in the company's security. The video is worth using for that.

    2. Next, the brilliant Thomas Wang from Baidu, a Chinese company with more users than Google. Straight from the hell of modern mobile malware development. His talk seemed important to me because it gives an interesting view of one of the new threats in the field of user security. He talks about how they stop huge epidemics and sprinkles in examples from a hectic personal life throughout. In general, you need to watch it.

    By the way, during a private conversation with him at a private cocktail party, we came to the conclusion that the lion's share of the problems can be solved by shutting down the companies that provide payment processing services to fraudsters. I will not point fingers. We already know them all.

    However, in China everything is much trickier. His lecture gives a taste of the chaos taking place there.

    3. And finally, Paul Coggin on ICS / SCADA. The talk is about how vulnerable the systems operating in industry today are. The general feeling is that the level of security in this area is on par with the defenses of the gullible dodos that were eaten in the 18th century.

    And what else?

    There was an interesting story with the Swiss company Equivalence AG. They challenged the hackers participating in the conference and handed out flyers in the form of 500 € to everyone, proposing that they open the company's archive.

    At some point, the event de facto stopped. The huge hall, speakers included, buried itself in laptops, trying to unravel the secret. But no one hacked them.

    The technology, they said, is based on a new principle that has not been used before. And they do not use encryption.
    I know the guys at Nuit du Hack found and gutted the patents of Equivalence AG, but this also yielded no results.

    I am sure that the event does not reach the scale of DEFCON and DERBYCON, but it was great. I also liked that everything was run by a small, fragile, mm... African woman named Laila. Although the event was organized by the guys from Sysdreams, she was its real leader. She simply ran around the huge hotel from end to end, kissing someone or giving instructions on the run.

    On the left, Jess (Jayson E. Street). On the right, Laila.

    As a result, I had a cool 4 days. I learned to open door locks at speed. And I piloted a quadcopter into the nearest wall. French cuisine and excellent local air contributed to this.

    By the way, what do you think about the situation with SCADA?
